Posted by timothy on Sunday February 21, 2010 @06:48PM from the that's-a-lotta-drama dept.

A few days ago, we ran word of a report alleging that Windows 7 consumed more memory than it should, based on a report from Devil Mountain Software; a followup post linked to Ars Technica's robust deconstruction of that claim. Now the story gets weird: Fred Flowers writes "The original story quoted the company's CTO, Craig Barth, on the issue. Now, InfoWorld editor in chief Eric Knorr has still more to add. From Knorr's blog at InfoWorld.com: 'On Friday, Feb. 19, we discovered that one of our contributors, Randall C. Kennedy, had been misrepresenting himself to other media organizations as Craig Barth, CTO of Devil Mountain Software (aka exo.performance.network), in interviews for a number of stories regarding Windows and other Microsoft software topics. ... There is no Craig Barth.' Knorr's post goes on to say that Kennedy has been fired from his blogging gig at InfoWorld over this 'serious breach of trust,' and that his blog will be removed."

Even with all the real things you can slam Microsoft for, some people feel the need to make things up. Reminds me of that pre-Vista paper by that (I think) NZ guy that was full of stuff that even then people who had the RC knew to be false. Sensational things get page views I guess.

Vista was mostly looked at badly because they introduced new security features. Features that linux zealots always yell about, like proper admin/multiple user control, securing files and directories and so on.

The fact is, people had got used to everything being simple. When MS did add these new security features (as needed nowadays), they got called about. I already see the replies mentioning how the UAC is bad and a nuisance for the user, so I preemptively answer here - It's a lot better than Linux's su and sudo

Vista was mostly looked at badly because they introduced new security features.

Nope, it was how they did it.

Features that linux zealots always yell about, like proper admin/multiple user control, securing files and directories and so on.

Yep, not only did they rip off sudo (which would've been fine), they managed to screw it up.

It's a lot better than Linux's su and sudo alternatives.

I'm sure you'll tell me how...

With su you give full control over the root account,

Yep, just like UAC.

with sudo you need to write it every time you require root account.

WTF do you mean by "write it"? Did you mean, edit the sudoers file? Yeah, you could do it that way, I suppose. Or did you mean, enter your password? Nope, sudo will cache it for a certain length of time.

UAC is actually a lot better than what there is available for linux, in desktop use...

Yet you haven't explained how it's different than the above.

Win7 is more popular now because people have got used to these features.

Nope, it's because Microsoft finally got it to work, and polished performance to where Win7 is faster than XP, whereas Vista was slower than XP.

I never claimed, and I don't think anyone claimed, that all the design decisions in Vista were bad. No, the issue is that the Vista release, like most Microsoft products, was at best beta quality, more like alpha quality. So Vista was Microsoft's way of, yet again, using their consumers as beta-testers, while collecting some revenue to justify finishing the product and releasing it as Win7.

You may want to read up on winlogon, credential providers and user tokens, particularly relative to the UAC.

The Vista and Windows 7 security model is vastly more sophisticated than out-of-the-box Linux implementations, and the UAC is related to that. Unlike su/sudo, the user does *not* transition to the administrative user, they switch between their administrative token, and the default neutered token, but in both cases other security policies can still be applied, but most importantly (especially where network security is concerned) *they still are themselves*. The network provider may or may not allow transparent use of the token across the network using the administrative token, depending on policies, but it *can*.

The knee-jerk anti-Microsoft crowd on here tends to discount the sophistication of the Windows security model, but the reality is that it's two decades more modern and more capable, particularly in networked environments, than the typical Linux system.

That crowd could learn something by learning, in more detail, about the things they (incorrectly) discredit.

First, let me say that SELinux is an enormously complex system that has the potential to provide huge security benefits for administrators, and that it is the bar by which other OS security infrastructure should be measured against.

With that out of the way, you're comparing apples to orange-seeds here. UAC is merely a component of the overall security model, and should most directly be compared to gksudo, sudo and su and other methods of user-initiated rights elevation. Additionally, the Windows security model does support some really fine-grained stuff now with mandatory access controls, support for signing trusted executables and all sorts of other complexity that the IT administrator can get into if they want. It's not as easy as SELinux yet, I don't think, but it's not far away either. It's not vetted by the NSA either, so I suppose that'd be a minus.

Depends what you mean by "vetted"; the NSA created SELinux, so nothing really compares to that, but they've regularly put out security guides in conjunction with Microsoft for every major Windows release (as well as for other operating systems). They're always comprehensive and a very solid resource on hardening Windows systems to varying extents, not to mention good learning material. Just don't get too overboard, a lot of the suggestions take security to extremes, to the extent that you'll definitely break a large number of programs by removing permissions and modifying defaults that they'd never expect to encounter (I say this from experience). They definitely don't get the attention they deserve:

That's all fine and dandy, but the GP, or GGP, or whoever, wasn't talking about SELinux, they were talking about sudo specifically and UAC specifically, and between the two frameworks each of these items resides in the Windows framework is far more granular and robust.

Windows 7 isn't billed as a hardened OS, just a secure OS, and it indeed fits that description very well.

Yep, not only did they rip off sudo (which would've been fine), they managed to screw it up.

First of all, Windows has had "sudo"-equivalent features for a long time-- since Windows 2000, I believe.

Secondly, how did they screw it up? It works fine for me.

No, the issue is that the Vista release, like most Microsoft products, was at best beta quality, more like alpha quality.

The problem was that the OS was release-quality, but the drivers from various third-parties were beta-quality for a good year after the OS was released. (And this despite over a year of technical preview releases... fucking lazy driver writers!)

Did Vista have bugs? Yah, it had a bug that slowed down file copies. But they were all fixed, and if you used Vista about a year after it came out it would be fine.

(With one disclaimer: Vista was never designed to run on Netbooks, which was a market Microsoft didn't anticipate while they were developing it.)

Certain odd programs like VMware Workstation can trigger multiple UAC prompts during installation, first for the actual install, and then for the virtual driver installations. However, it is very much the exception.

I definitely remember getting five or six separate UAC prompts during the installation of a single piece of software.

First of all, that's not Microsoft's fault, that's the fault of that installer. I'm not sure exactly what would cause that, but I'd wager that it could happen if the installer runs a bunch of different programs to take care of sub-tasks-- usually Windows handles this seamlessly, though, which means that it must be doing it in a funky way.

First of all, that's not Microsoft's fault, that's the fault of that installer. I'm not sure exactly what would cause that,

So you don't know, but you're sure it's not Microsoft? What kind of argument is that?

I'd wager that it could happen if the installer runs a bunch of different programs to take care of sub-tasks-- usually Windows handles this seamlessly, though, which means that it must be doing it in a funky way.

And how, exactly, could it be doing this in a way which would escape Windows' notice?

Now, this doesn't happen much anymore, but I'd bet Microsoft was the one patching it -- even if they had to resort to the same kind of brutal hacks they have in the past to ensure backwards compatibility.

Who reboots their OS?

I do, every kernel upgrade. I'm sure you do when Windows Update tells you to.

First of all, that's not Microsoft's fault, that's the fault of that installer. I'm not sure exactly what would cause that, but I'd wager that it could happen if the installer runs a bunch of different programs to take care of sub-tasks-- usually Windows handles this seamlessly, though, which means that it must be doing it in a funky way.

If the software follows Microsoft's best practices for security by installing itself in the proper directories, there is no UAC interaction at all. None. I've installed a number of programs like this. If a piece of software insists on installing itself in protected directories, or insists on running with administrative privileges, you may want to think twice about running it. Those are the kinds of software that open gaping holes in your PC's security.

I'd wager the GP's software was attempting to do something it really had no business doing, and every time the installer did something unsafe, UAC double checked with the user first. It's annoying, yes, but only when you install shitty software, and it's really exactly the type of behavior you should want out of your security system.

If the software really did need all that access to do something legitimate, and if the publisher had bothered to test it with Windows 7 and discovered the problem, Microsoft would have added an exception specifically for their software to group all the UAC requests into a single request to streamline the process. They do that kind of backwards compatibility stuff all the time.*

*They actually tried not to do this with Vista even though they did it for every previous version of Windows. That was part of the reason there were so many incompatibilities between XP and Vista, and it bit them in the ass. They reverted back to their old policy for Windows 7, and even put a seamless XP VM in the business and ultimate editions.

I never claimed, and I don't think anyone claimed, that all the design decisions in Vista were bad. No, the issue is that the Vista release, like most Microsoft products, was at best beta quality, more like alpha quality.

By the same criteria, most userland open-source software is released as alpha-quality. And a lot of kernel-space drivers. OpenOffice, GIMP, all media players, X.org, most wireless drivers... you name it, they all have major issues and shipped as "stable" in distros. Desktop Linux has been, on the whole, far buggier than Vista ever was.

Possible, but unlikely, considering most userland open source software isn't at 1.0 yet. That's why KDE4 was such an embarrassment -- you don't release that abortion as a dot-oh.

And a lot of kernel-space drivers.

Most likely the ones marked "EXPERIMENTAL", or third-party, proprietary drivers. Or do you have some specific examples?

OpenOffice, GIMP, all media players, X.org, most wireless drivers... you name it, they all have major issues

I'd again have to ask you for specifics, especially comparing these to the released Vista. As bad as OpenOffice may be, I can't remember it crashing at all in recent history. I've never had issues with my wireless d

Windows NT has always supported the notion of "root" level (aka "Administrator") accounts and standard or limited user accounts. It has also long supported "runas" - the equivalent of sudo. The purpose of that is to allow a standard user to run a program in the context of another user, generally an Administrator, on the same desktop.

UAC, on the other hand, could be called the opposite of "sudo." Instead of running specific processes as a more privileged user, it allows an Administrator to run processes as a LESS privileged user, with varying privilege levels. Technically, Windows has also supported something like this in the past via Discretionary Access Control mechanisms and custom security tokens. UAC brings several additional pieces to the table such as: Mandatory Access Control, more direct user/system control over this behavior, and various bits of supporting infrastructure to make it both more secure (i.e. UIPI) and more compatible with existing programs (File System and Registry virtualization, for example).

UAC also allows programs such as IE and Chrome to run at below-standard privilege levels ("protected mode" or "sandbox" mode), enables secure consent prompts for elevation (more convenient and often more secure versus credential prompts which are vulnerable to spoofing attacks), and more.

Instead of running specific processes as a more privileged user, it allows an Administrator to run processes as a LESS privileged user, with varying privilege levels.

That's not significantly different. On a Unix system, init is run as root, and it then spawns other processes as varying users, with varying privilege levels. The "sudo" part is remarkably similar on both systems -- you're at a lower privilege than the process that started you, and now you want a higher privilege, so you have to get permission from the user in some way, and a higher-privileged program (like sudo or the UAC window) is going to do that for you.

UAC also allows programs such as IE and Chrome to run at below-standard privilege levels ("protected mode" or "sandbox" mode),

The problem is that it's not "assuming same old hardware". It's "assuming same price point at time of release". Debian Lenny runs much, *much* faster in a low-end 2009 machine than Woody did in a 2002 one, and Windows 7 flies on a mid-range 2009 machine compared to XP on a mid-range 2001 computer. The problem with Vista, however, is that in 2006 even on a high-end machine it ran like a freaking pig.

Vista was mostly looked at badly because they introduced new security features.

This was one of the issues, yes, but not the only one and not even the most important one for many users. Vista's key problem was lack of drivers for a lot of hardware and some of the drivers available for common parts were not all that stable initially even though they passed relevant certification. Second came performance especially on "vista capable" (or "vista ready", whichever was the lower designation) machines (many reported significant issues on better kit too, though this situation improved greatly with service pack 1). UAC was third on the average user's list of hates though it sounded worse as it was usually the straw that started the major rant "it asked me for confirmation X times before very slowly failing to work because of driver problems!".

UAC is not a bad idea, though it is not IMO particularly well implemented. They tried to do sudo but for the traditional Windows way of working (i.e. admin by default and adding blockers, where the sudo way starts unprivileged). The result didn't fit as well as intended with Windows users processes and was sometimes overly naggy (three prompts for some file operations where sudo would need one escalation request) and just ended up being more OK buttons for clueless users to click, and to top it off it worked badly for people expecting a more linux/bsd/other way of doing things - so essentially they failed to please either major group (i.e. neither those the feature was intended to protect nor those most likely to make a noise about such things were happy with it).

However, what you describe is mostly fault of existing software and drivers. MS had to either 1) bring in the new security features 2) maintain support for old programs. I say they chose the better option. They redefined their driver model in Vista and that's the reason why there weren't so many drivers for older hardware available upon launch. But Vista was out for a few years and Win7 uses the same model, so companies had more time to do their drivers now.

With su you give full control over the root account, with sudo you need to write it every time you require root account.

I like UAC, and I'm kind of an MS fanboy, but that's just wrong. There are solutions like gksudo that work much like UAC, including a user-friendly GUI and caching of credentials. Not to mention PolicyKit and other capability-based security mechanisms. Every major distro (e.g. Ubuntu, Fedora, etc.) has these features by default.

Vista was mostly looked at badly because they introduced new security features.

I think a much bigger factor was that it was so long between XP and Vista, people had forgotten what XP was like at the start. When XP launched, it received many of the same complaints Vista received. It wasn't until a couple of service packs that people started to like XP. After a couple of service packs, Vista too was fine.

Actually I would say Vista got slammed, and rightly so, for being buggy as shit and slow as ass. Let us just use my own experience with Vista, and to be fair I'm writing this from my Windows 7 machine which hasn't given me a lick of trouble.

Oh, Vista, how I hated thee, let me count the ways. 1.-Play an MP3 and watch your network throughput grind to a halt. Yeah it was fun going back to the Win95 days where you didn't dare do squat while anything downloaded. 2.-Network shares that would just "disappear" and

From a technical perspective I think UAC was a huge step in the right direction. From a usability standpoint I think they really shot themselves in the foot. You're assuming the exact same people are saying both of these things, when that's obviously not the case. You create this abstract group of people ("linux fanbois") and then attribute every argument against Microsoft to them as if everyone is saying the exact same thing. They're not. It's a sweeping generalization.

The UAC, in Vista, nagged constantly early on because of poorly written software. The UAC prompting means a program at launch either via code or manifest, or certain other compatibility-conditions (like being an installer) needs access to the user's administrative token, rather than the default neutered token. Typically that means it's doing something it shouldn't have been doing, such as writing files into the installation directory rather than the user's profile (and thus needing administrative rights) or, for example, writing runtime settings into the local machine's registry rather than the user's registry.

The UAC prompts became far less common as time went on because publishers fixed their software that was doing things that even in XP they shouldn't have been doing (and getting more secure in the process).

They're reduced in Windows 7 primarily because a request for privilege escalation that is a direct result of a user action (based on a bunch of criteria, including a valid digital signature on the application, and I believe on the MSI that installed it) gets escalated automatically.

You *really* should almost never see a UAC prompt. Now, if you're a developer and are doing things that need to be escalated all the time, then no shit you're going to see it a lot. But a normal end user should virtually never see one on up-to-date versions of software on Vista or Windows 7. If you are, you should contact whoever publishes the software in question and tell them to fix it.

Back in Win 95 days, Microsoft could have required all 3rd party software to use .ini files located in that software's main directory, or they could have required them to all use the registry, and use it in specified ways. Microsoft could have told every 3rd party company wanting that valuable Windows compatible logo on their box to use some method that would have directly helped MS's security and/or indirectly helped intelligent users who were concerned enough about security to want policy level control even then, and even then MS had enough market share to make it stick. Instead, they definitely let some companies ignore the usual rules and apparently relaxed them further whenever MS's marketing wanted to brag about how much software was windows compatible. (The first is something some of Microsoft's key people have admitted to, the second is an outsider's inference, and I'm sure there are people who would disagree with me on it.)
I'm hoping Microsoft has actually made all 3rd party sources write to some standards this time, and true support for multiple users under Microsoft's long standing model dictates, as you imply, that this should be under the user profile rather than in the install directory. What worries me is that Microsoft may still give some companies, such as Norton, favored status at bending the rules. I'm waiting to adopt 7 in part because I don't know how firm Microsoft has been on security. Microsoft had certainly transitioned from the Win 95-98 first ed. days of having a big market share but with room to grow, to one that had 95% of the market and no place to go but stagnate, well before Vista came out, but they didn't seem to have learned the lesson at all by then, which may be why I doubt they have fully learned it just yet.

I've never seen an app manifested as require-admin that didn't really need admin. If an app is not manifested then it runs virtualized and accesses to restricted areas get redirected to the virtual store. I think that most slashdotters see more UAC than more typical users because they are called in to do system maintenance.

My wife got a Vista laptop around 9 months ago. A few months after she first got it I asked her what she thought about UAC. She replied, "What's UAC?" When I showed her she said that she'd seen that watching me using my machine, but never on her own machine.
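The manifest behaviour discussed in the comments above (an unmanifested app runs virtualized, a require-admin manifest asks for the administrative token at launch), as an added example that is not part of the thread or any poster's code: a small Python auditor that reads an application manifest and reports what it requests. The sample manifests, function names and result keys are constructed for illustration.

```python
"""Classify a Windows application manifest by its UAC requestedExecutionLevel."""
import xml.etree.ElementTree as ET
from typing import Optional

# Constructed sample manifests for illustration; not taken from any real product.
_TEMPLATE = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="{level}" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""
SAMPLE_REQUIRE_ADMIN = _TEMPLATE.format(level="requireAdministrator")
SAMPLE_AS_INVOKER = _TEMPLATE.format(level="asInvoker")
SAMPLE_HIGHEST = _TEMPLATE.format(level="highestAvailable")
# A manifest that exists but has no trustInfo section (legacy application).
SAMPLE_NO_TRUSTINFO = (
    '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"/>'
)

KNOWN_LEVELS = ("asInvoker", "highestAvailable", "requireAdministrator")


def requested_level(manifest_xml: Optional[str]) -> Optional[str]:
    """Return the level attribute of requestedExecutionLevel, or None if absent.

    Elements are matched by local name because trustInfo is seen under both
    the asm.v2 and asm.v3 namespaces. The stdlib parser is not hardened
    against hostile XML, so feed it only manifests you extracted yourself.
    """
    if manifest_xml is None or not manifest_xml.strip():
        return None
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        raise ValueError(f"manifest is not well-formed XML: {exc}") from exc
    for element in root.iter():
        if element.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            # An element without a level attribute is reported as "" (unknown).
            return element.get("level", "")
    return None


def classify(manifest_xml: Optional[str], user_is_admin: bool = True) -> dict:
    """Summarise what the manifest asks of UAC for the given kind of user."""
    level = requested_level(manifest_xml)
    if level is None:
        # Unmanifested: treated as a legacy app. Writes to protected areas are
        # redirected to the per-user virtual store instead of prompting.
        return {
            "level": None,
            "manifest_prompts": False,
            "virtualization_eligible": True,
            "finding": "legacy app: no declared level; installer detection "
                       "may still cause a prompt",
        }
    if level not in KNOWN_LEVELS:
        return {
            "level": level,
            "manifest_prompts": False,
            "virtualization_eligible": False,
            "finding": "unrecognised level value; review the manifest by hand",
        }
    if level == "requireAdministrator":
        prompts, finding = True, "always needs the administrative token"
    elif level == "highestAvailable":
        # Only a member of Administrators has a higher token to switch to.
        prompts = user_is_admin
        finding = "elevates for administrators, runs as-is for standard users"
    else:
        prompts, finding = False, "runs with the caller's token, no prompt"
    return {
        "level": level,
        "manifest_prompts": prompts,
        "virtualization_eligible": False,  # a declared level turns redirection off
        "finding": finding,
    }


if __name__ == "__main__":
    samples = {
        "require-admin": SAMPLE_REQUIRE_ADMIN,
        "as-invoker": SAMPLE_AS_INVOKER,
        "highest-available": SAMPLE_HIGHEST,
        "no-trustinfo": SAMPLE_NO_TRUSTINFO,
        "no-manifest": None,
    }
    for name, xml_text in samples.items():
        print(name, classify(xml_text, user_is_admin=False))
```
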

those who haven't turned off UAC get the prompts several times a day - and I'm talking just for basic things like web browsing with IE.

I have my UAC settings at maximum under Windows 7 and I don't see any UAC prompts for IE. I have also disabled downloading of ActiveX controls (signed and unsigned), so maybe that is the difference. The UACs might be when websites are trying to install controls.

The only time that I get UAC prompts are when I am installing software, changing settings (like allowing a program through my firewall), and running some games (mostly older ones - and even then you can often say "No" and they will still run).

I'd say that the UAC in Vista nagged constantly early on because it was written to complain about software that was written to standard procedures at the time.

There's a heck load of software which doesn't follow even the basic instructions found in MSDN. Also there are many programmers who don't even know that MSDN has these instructions. There are even programmers who don't know what MSDN is!

There is nothing inherently "poorly written" about writing to the current working directory

You do know that you shouldn't trust current working directory, don't you? There's this thing that even if application is installed in the folder X it can be started from folder Y and now your current working directory points to Y. What's the problem in asking the Operating System where %APPDATA% is?

Windows has added dozens of new layers of "default" directories over the years

And they all can be found via environment settings.

Also, seeing as how applications were allowed to do more or less anything in XP / NT

No they weren't. User let them by running them with administrator privileges.

As a regular Win7 user, no, it doesn't, and you're talking out of your ass.

Or, rather, it only nags constantly for apps that constantly demand to do admin tasks. Such behavior wouldn't be tolerated in Linuxland, but a program that insists it should be allowed to connect with repositories and auto-update on every single load would trigger sudo requirements too. The real problem is with apps that have very poor manners, not with UAC.

One solution would be for Windows Update to allow 3rd-party apps to piggy bac

Christ, what ever happened to basic responsibility? Or buyer beware? How about reading reviews before buying something or returning the product if you don't like it? Is lawsuit now the default action?

I took the parent to mean actionable by Microsoft. The guy was intentionally spreading negative press about their product, which would hurt the ability of the buyer to do the very thing you suggest - go out and read reviews about the product (Windows 7) before buying it.

And what about Ballmer/MS saying don't use linux because they violate 200 patents? All sorts of people have asked which patents, a simple question to answer, so if they are valid it can be fixed, yet from MS..crickets. One blog post versus the head guy of Microsoft spreading stories? How much have all the various Linux companies and Linux professionals all over the planet been hurt by his statements, and by MS actions over the years?

I'm not defending this blogger at all, far from it, that was a shitty thing

However it's interesting to note that Randall Kennedy was one of the standard bearers in the public campaign against Vista. If you go through the most egregious condemnations of Vista posted to /., you'll find that a disproportionate number were sourced to Randall Kennedy at Infoworld. Many of which were about as truthful as the Windows 7 memory article.

Kennedy has been an extraordinarily biased source about Microsoft for a long time, and over the past few years I've lost a lot of karma pointing this out. For me this feels like vindication.

Researchers from the Devil Mountain Software group are claiming that a series of in-house benchmark tests showed that users hoping to receive a speed boost from the update will be disappointed. "Devil Mountain ran its DMS Clarity Studio framework on a laptop Barth described as a "barn burner" -- dual-core processor, dedicated graphics, and either 1GB or 2GB of memory -- to compare performance of the SP1 release candidate that Microsoft released last week with the RTM version that hit general distribution last January. The Vista RTM was not updated with any of the bug fixes, patches or performance packs that Microsoft has pushed through Windows Update since the operating system's debut. 'One gigabyte, 2GB [of memory], it didn't make a difference,' said [CTO Craig] Barth. 'SP1 was never more than 1% or 2% faster.'"

"More than one in every three new PCs is downgraded from Windows Vista to Windows XP, either at the factory or by the buyer, said performance and metrics researcher Devil Mountain Software, which operates a community-based testing network. 'The 35% is only an estimate, but it shows a trend within our own user base,' Craig Barth, the company's CTO, said. 'People are taking advantage of Vista's downgrade rights.' Last year, Devil Mountain benchmarked Vista and XP performance using other performance-testing tools and concluded that XP was much faster. Barth said things haven't changed since then. 'Everything I've seen clearly shows me that Vista is an OS that should never have left the barn.'"

"Consuming twice as much RAM as Firefox and saturating the CPU with nearly six times as many execution threads, Microsoft's latest beta release of Internet Explorer 8 is in fact more demanding on your PC than Windows XP itself, research firm Devil Mountain Software found in performance tests. According to the firm, which operates a community-based testing network, IE8 Beta 2 consumed 380MB of RAM and spawned 171 concurrent threads during a multi-tab browsing test of popular Web destinations. InfoWorld's Randall Kennedy speculates that Microsoft may be designing IE8 for the multicore future. But until your machine sports four or eight discrete processing cores, IE8 will remain 'porcine,' Devil Mountain's Craig Barth says."

I can't argue that the guy seems to have spread FUD - but how much of it was really FUD?

I, personally, had little luck making Vista run on my machines. On the very same hardware, Win7 runs nicely. I get the same low scores for my hardware, because I don't have recent gaming video cards - but Win7 runs nicely.

So, again, how much of the anti-vista stuff was really FUD? Not much, I suspect. Even a fraud can be right sometimes.

You know, about the only item of interest I have in this whole debacle are the disk queues. I had more HD failures under Vista than I have ever had with any previous operating system. The drives ran constantly. I can only assume it was for pre-caching and possibly indexing. Although server storage would handle this without breaking a sweat, it appeared to be too much for the general desktop/laptop drives. Either the vendors I had trusted for years had pushed out some really shitty components, or the OS was a

With Vista I had this consistent problem where my SATA drives would just lose communication with the system, and it would blue screen. This would happen about once every month or two. Since moving to 7, I haven't had an issue with SATA at all. Overall I don't notice nearly as much disk thrashing in Win7 as there was in Vista.

There's a real difference between Gutmann's early Vista analysis [auckland.ac.nz] and this smear campaign. Gutmann was trying to peer behind a veil of secrecy to find what Vista's content protection looked like and sure he missed the mark but it was an honest attempt to evaluate what the future held based on MS, ATI and other presentations, press releases and patents.

Whereas this guy is clearly a shill out to smear MS based on blatant fabrication.

from what it looks like. Rather, it was about the identity of the blogger. It looks like he was a paid blogger for InfoWorld and a Windows performance analyst at the same time, and wrote the Windows memory consumption post under a pseudonym without disclosing the relationship to InfoWorld. It doesn't mean the memory consumption article's contents are faked or wrong. Its conclusions are disputed, but that's a separate issue. The issue is disclosure of its authorship.

I really don't think it was a case of him merely "being wrong" about Win7. His software company sells a suite that is supposed to make Windows "run better". He had a direct motivation for lying about the performance of Windows. That's fraud in my book, and not merely "being wrong".

InfoWorld's editor in chief, Eric Knorr, should be commended for dealing with this matter quickly and decisively when he discovered Mr. Kennedy's deception. At the same time, he should think very carefully about the series of decisions that led to this outcome.

Randall C. Kennedy was an InfoWorld blogger known for his outrageous, inflammatory posts. Often these posts appeared to disregard the facts, overinflate the issues, or otherwise ignore the tenets of basic journalism in favor of sensationalism and manufactured furor. Doubtless InfoWorld appreciated the traffic such posts drove to its site. What it should have realized, however, was that beyond contributing to InfoWorld's success, Mr. Kennedy had a personal incentive for generating that traffic: promoting his own company, Devil Mountain Software. With that as his motive, he had far less incentive to consider InfoWorld's journalistic integrity when crafting his blog posts. Preserving that integrity was the job of InfoWorld's editorial staff. They failed to do so.

Compounding the issue is InfoWorld's decision to partner with Mr. Kennedy on the "Windows Sentinel" project, InfoWorld's in-house branded version of Devil Mountain Software's exo.performance.network Windows monitoring product. The original post announcing Windows Sentinel is currently hidden behind a password [infoworld.com], but the Google cache [209.85.229.132] clearly shows that InfoWorld was aware that Mr. Kennedy was behind Devil Mountain Software all along:

Today, I'm happy to announce the beta version of InfoWorld Windows Sentinel, a joint project with the exo.performance.network founded by InfoWorld Contributing Editor Randall C. Kennedy.... According to Randall, the main point is "to develop a more concise picture of the Windows computing landscape."

InfoWorld's editorial staff should have seen that allowing a contributor to use InfoWorld's brand to promote his own company's products and/or services constituted a conflict of interest at best, and at worst, a serious breach of InfoWorld's responsibility to provide truthful, unbiased reporting to its readers.

InfoWorld needs to think very carefully about how to proceed in future if it hopes to recover its integrity after this incident. In an age where publications are under increasing pressure to demonstrate their power to drive revenue, it is more important than ever that editors take a stand for the paramount importance of high-quality, thorough, accurate reporting and editorials, untainted by financial interests or the pursuit of personal gain. InfoWorld stumbled by continuing to support Randall C. Kennedy when it should have, at the very least, questioned his judgment. It can and must do better.

In an age where publications are under increasing pressure to demonstrate their power to drive revenue, it is more important than ever that editors take a stand for the paramount importance of high-quality, thorough, accurate reporting and editorials, untainted by financial interests or the pursuit of personal gain. InfoWorld stumbled by continuing to support Randall C. Kennedy when it should have, at the very least, questioned his judgment. It can and must do better.

I suspect you are the editor of a publication in competition to InfoWorld. Your arguments are carefully thought out, your written English is impeccable, your paragraph construction is correct, you are careful with names and you're posting Anonymous Coward.

Nothing wrong with all that (or anything wrong with your post) but it's a shame I can't add you to my friends list. I would have, for that post.

I suspect you are the editor of a publication in competition to InfoWorld. Your arguments are carefully thought out, your written English is impeccable, your paragraph construction is correct, you are careful with names...

Based on your acute observations I suspect he meant to post on a site other than /.

InfoWorld's editor in chief, Eric Knorr, should be commended for dealing with this matter quickly and decisively when he discovered Mr. Kennedy's deception. At the same time, he should think very carefully about the series of decisions that led to this outcome.

IDG knew. Galen Gruman, Executive Editor of InfoWorld knew. As did Eric Knorr. And several others. But poor Gregg Keizer - hey, the man was looking for an anti-Microsoft angle at every turn, and he let his zeal get the best of him. I honestly never meant any harm, especially to Gregg.

Slashdot should ban all articles from InfoWorld. After all, most of the anti-Vista fud articles posted here were written by Randall Kennedy.

According to the linked reports (both those in the summary and this one at ZDNet - http://blogs.zdnet.com/BTL/?p=31024 [zdnet.com]) the only reporter for InfoWorld who "Barth" was quoted by was Gregg Keizer. This raises a question: Did Keizer know about this deception? And if not, how did he get contacted by Barth initially? It is possible that Keizer was deceived but some sort of answer would be nice.

Which is interesting but never addresses how Keizer ever got in touch with Barth. Did Barth email him out of the blue? Did Keizer contact him on Kennedy's recommendation? It simply strains credulity that the one outlet used by Barth would happen to be a reporter who worked with Kennedy. There are some sort of details we are missing here. And the fact that Keizer doesn't explain those aspects in the above piece doesn't help us much.

I'd guess this guy's never done academic research. The profs in my school days would go mega fundy when it came anywhere near the notion of research integrity. They took crap on our GPAs every now and then to make examples, and burned the notion into our heads.

We used to use him to cobble up sales plans. He'd do some performance reports under a pseudonym, quote these fake 3rd parties in a report, then we'd produce a whole range of sales materials quoting all these 'different' sources and the roll up.

Took the analysts about a year to figure out that it was just one guy. Which was fine because the guy was hard to handle. He was like a teenager. When we fired him, he turned into a big problem.

So Slashdot posted a second hand story from another site with a (potentially) misleading headline, without checking the facts, because it would drive traffic? And now they've had a letter from a lawyer? Big surprise. I'd be proud to get banned for this post.

If you actually read the story in question on Slashdot, you'll see everyone point out what an idiot whoever put the story up is and explain that the whole point of memory is that you use close to 100% of it since every byte you use makes things go faster. It's been this way for years. kdawson et al's anti-MS biases get on the front page, and everyone kicks them down (unless they're justified).

Kennedy has posted his side of the story here: http://exo-blog.blogspot.com/2010/02/when-microsoft-attacks-again.html [blogspot.com]
"Apologize? For what? Using a pen name when dealing with an overzealous reporter? Because that's the extent of the "deception" that everyone is so excited about. The company itself exists, has real clients and is profitable. Nothing they can say will change that or other facts, like:
* We have nearly 24,000 users at xpnet.com.
* We collect and analyze over 230 million system metrics records and over 13 billion process metrics records every week.
* We publish our findings and make all of our resources freely available to the IT industry.
People want to skewer me because they don't agree with my point of view. Microsoft wants to skewer me because I hurt sales. IDG wants to skewer me to cover their asses - because, as I pointed out to ZDNet/CNet, they knew about the Craig Barth ruse all along. And they did nothing.
If anyone needs to apologize, it's IDG - but not for the reasons they've stated. It was their hunger for page views that ultimately drove them to turn a blind eye.
Me? I just used a pseudonym in a few email exchanges and during a couple of phone calls. The rest is all BS and posturing, and they (IDG & ZDNet) know it.
RCK"

Duh, Paranoia 101; The guy was obviously a covert operative from Microsoft's Intelligence Service put there to discredit views that criticize Windows. As my conspiracy teacher told me "Never attribute to stupidity what can be explained by malicious intent from our evil alien overlords!"

I suspect he believed the content of his message, and was willing to go to whatever lengths necessary to get the message out, even if that meant fraud elsewhere. You know, the kind of guy who dreams of outing an evil megacorp.

Well, I'm sure Apple is a little worried considering Windows 7 is actually good. Now, it's still Windows but let's be honest, it's pretty good. Consider UNIX has been around for getting on 40 years meanwhile Windows is what, 15 years old? Given that I would say yeah it's starting to get pretty decent.

Worried about what? The direction of computing today is mobile devices and online services, and Apple and Google have soundly defeated Microsoft there. Windows 7 is a relic of an outdated paradigm. It may end up being the last of desktop Windows as we think of it today.

Were you needing that memory for something else and when you did, did Windows 7 not give it up immediately?

I see these sorts of posts all the time and wonder what exactly it is that all these people want unused RAM for. I paid for it. I want it in use dammit! And unless you're on a notebook there is no reason to not have 4-8GB of RAM. Even DDR3 RAM is now less than $20 a gig. So what you're saying is no OS should use more than $5 of RAM?

I see these sorts of posts all the time and wonder what exactly it is that all these people want unused RAM for.

Numerical simulations, animation. I wanted to run a 256^3 sized grid reaction-diffusion simulation. That would require around 128^3 x (2 channels) x (2 grids) x (4 bytes) ~ 60 Mbytes. I tried malloc and then mmap, but each were extremely slow due to the freeing up of memory (particularly system buffers). So I resorted to using the graphics card instead (you want 32 Mbytes for a single four channel 3

If you had read anything to do with this story, you'd already be aware that superfetch will not interfere with "heavy hitter" apps like games and 3d modeling programs, because the superfetched data is dumped the millisecond it's needed by an application...

As has been explained countless times, yes Windows 7 uses more memory BUT it uses most of it as disk cache. It's more like Linux now compared to older versions of Windows. Using otherwise unused memory for disk cache is a good thing and does not affect application performance or available memory negatively.